discordrat | 6b8f247e784b698beb5f367db3e0d5f3948bf197dcbcf6d5ea16d4a08f0318fb

Resubmissions

23-11-2024 19:36

23-11-2024 14:30

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 14:30

Target

Bootsrapper.exe
Size

90KB
MD5

7eab793cd27c58b8c563d6a33a2f2a72
SHA1

24fc9a75389b6c115fff236ebd979264b0fd8f30
SHA256

6b8f247e784b698beb5f367db3e0d5f3948bf197dcbcf6d5ea16d4a08f0318fb
SHA512

f4d0c2f8c9fd9ba76a716b5eeab2e1db28235080a5b2822f3453567a1ec51347697edf859687393094332e2c01d5dc8667170cb4e4731b50afd79da14ee92e8e
SSDEEP

1536:IjvCBPyCGZ6wIopPAAqxhP51UGIfpAk0Wjgb2Nrs+uexCxoKV6+f3ky:WCBKCGZ1IoNUhP5qnRgb2Nrs+bS3ky

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMwOTg4MDE2NTE2OTYzMTI1Mw.G_7Dxh.wsYSjBrol4khGDtnY_BBpyEe - H9AsmG2TfF5gs
server_id
1309880651683467275

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Bootsrapper.exe

description	pid	process	target process
PID 3008 wrote to memory of 816	3008	Bootsrapper.exe	WerFault.exe
PID 3008 wrote to memory of 816	3008	Bootsrapper.exe	WerFault.exe
PID 3008 wrote to memory of 816	3008	Bootsrapper.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Bootsrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootsrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3008 -s 600
  2⤵
  PID:816

memory/3008-0-0x000007FEF55B3000-0x000007FEF55B4000-memory.dmp

Filesize
4KB

Download
memory/3008-1-0x000000013F790000-0x000000013F7AC000-memory.dmp

Filesize
112KB

Download
memory/3008-2-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/3008-3-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download